Over 80% of northern European organizations emphasize that the need to ensure business resilience is the top driver for their cybersecurity investments, according to Nixu.
The report reveals both encouraging progress and increasing concerns. Alarmingly, 50% of organizations reach only a poor or deficient level in cybersecurity.
“The prominence of business resilience as a driver for cybersecurity investments highlights the increasing awareness of the need to protect operations and ensure continuity. Overall, the Nixu report reflects our dedication to providing valuable insights that help organizations tailor their cybersecurity strategies,” says Teemu Salmi, CEO of Nixu.
A gap between top performers and the rest
The Nixu report is based on self-assessment by 372 cybersecurity and business leaders from various industries and countries. The survey was conducted in June–August 2023. The index measures cybersecurity maturity by evaluating four performance factors: current state, management, investments, and future development plans.
This year’s average score of 64,9 is deficient on the 10–100 index scale. The best-performing Nordic countries were Denmark and Norway, which reached a satisfactory level. The average scores for Sweden and Finland dropped from last year, and both are now on a deficient level.
Organizations with a cybersecurity index of 75 or higher significantly outperform their counterparts. These top performers prioritize risk management, include cybersecurity in executive management discussions, and allocate a substantial portion of their ICT budget to cybersecurity.
Security monitoring and incident response top cybersecurity capabilities
Security monitoring and incident response is clearly seen as a top cybersecurity capability now and during the next 12 months. Compared to last year, the current value of this area increased clearly, from 44% to 49%.
“This indicates that organizations are widely concerned about maintaining their business resilience in an evolving cybersecurity threat landscape. Through better security monitoring, organizations are able to detect early indications of attacks, and with more sophisticated response capabilities, organizations can limit the impact of any incident,” says Jan Mickos, Nixu’s SVP and Service Area Lead of Managed Services.
Raising security awareness, refining identity and access management (IAM), and early threat detection are also among the primary development objectives.
AI is a central trend in cybersecurity
A new theme that surfaced in the 2023 study was AI. Respondents said that it is currently the most prominent topic for cybersecurity.
“AI’s emergence as a central cybersecurity topic presents both challenges and opportunities. As organizations harness AI’s power in their business solutions, they must remain vigilant to the potential security risks. However, AI also holds the key to enhanced defense solutions reducing the risks of human error,” Jan Mickos points out.
High demand for cybersecurity experts demands increased outsourcing
Already now, a substantial 59% of the surveyed organizations admit they face serious challenges in hiring necessary cybersecurity expertise. Despite this, most intend to expand their internal cybersecurity teams. Although the planned increase in headcounts is modest, the total demand for experts in the region is huge compared to the availability of talent.
To solve the serious issues of managing competences and ensuring resilience, the report recommends consistent cybersecurity management, investing in risk management, and complementing internal operations with an external service delivery capabilities partner.
“Organizations must be proactive and strategic in their approach. These recommendations provide a roadmap for enhancing cybersecurity maturity and business resilience,” states CEO Teemu Salmi.